CVE-2025-30163

Name of the Vulnerable Software and Affected Versions Cilium versions 1.16.0 through 1.16.7 Cilium versions 1.17.0 through 1.17.1

Description The issue affects Cilium, a networking, observability, and security solution with an eBPF-based dataplane. Node-based network policies, specifically those using fromNodes and toNodes, will incorrectly permit traffic to and from non-node endpoints that share the labels specified in these policy sections. This occurs because node-based network policy is not properly enforced, allowing unintended access. The issue is not related to any specific number of potentially affected devices worldwide or real-world incidents.

Recommendations For Cilium versions 1.16.0 through 1.16.7, update to version 1.16.8 or later to resolve the issue. For Cilium versions 1.17.0 through 1.17.1, update to version 1.17.2 or later to resolve the issue. As a temporary workaround, ensure that the labels used in fromNodes and toNodes fields are used exclusively by nodes and not by other endpoints to mitigate the risk of exploitation.